k8s-pod-restart-info-collector

Add ability to define containersecuritycontext

Open jeremych1000 opened this issue 1 year ago • 1 comments

Hi,

I run a cluster that has a policy engine on it that forbids insecure pods/containers.

Currently there is a way to define a pod security context, but not a container security context.

Can we add this in please? It just needs to be a new line in the container spec.

This is what I require:

```yaml
podSecurityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault

containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop: ["ALL"]
```

jeremych1000, Jun 09 '23 10:06
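Why a pod-level security context alone does not satisfy a policy like the one described in the issue, shown as an added example (not code from the project or the issue author): `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `capabilities` exist only on the container `securityContext`, so they cannot be inherited from the pod. The rule set, the function names and the container name `collector` are assumptions made for illustration, not the policy engine's actual rules.

```python
# Added example: a minimal admission-style check, not a real policy engine's rule set.
# Fields that exist only on the container securityContext (no pod-level equivalent).
CONTAINER_ONLY = ("allowPrivilegeEscalation", "readOnlyRootFilesystem", "capabilities")


def effective(pod_sc, ctr_sc, field):
    """Container value wins; the pod value is a fallback only for shared fields."""
    if field in ctr_sc:
        return ctr_sc[field]
    return None if field in CONTAINER_ONLY else pod_sc.get(field)


def violations(pod_spec):
    """Return a sorted list of 'container: reason' strings for a pod spec dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    found = []
    for ctr in pod_spec.get("containers", []):
        sc = ctr.get("securityContext") or {}
        checks = {
            "runAsNonRoot must be true": effective(pod_sc, sc, "runAsNonRoot") is True,
            "seccompProfile.type must be RuntimeDefault":
                (effective(pod_sc, sc, "seccompProfile") or {}).get("type") == "RuntimeDefault",
            "allowPrivilegeEscalation must be false":
                effective(pod_sc, sc, "allowPrivilegeEscalation") is False,
            "readOnlyRootFilesystem must be true":
                effective(pod_sc, sc, "readOnlyRootFilesystem") is True,
            "capabilities.drop must include ALL":
                "ALL" in ((effective(pod_sc, sc, "capabilities") or {}).get("drop") or []),
        }
        found += [f"{ctr['name']}: {msg}" for msg, ok in checks.items() if not ok]
    return sorted(found)


# Constructed sample input: the values requested in the issue.
POD_SC = {"runAsGroup": 2000, "runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 2000,
          "seccompProfile": {"type": "RuntimeDefault"}}
CTR_SC = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
          "seccompProfile": {"type": "RuntimeDefault"}, "capabilities": {"drop": ["ALL"]}}

pod_only = {"securityContext": POD_SC, "containers": [{"name": "collector"}]}
both = {"securityContext": POD_SC,
        "containers": [{"name": "collector", "securityContext": CTR_SC}]}

if __name__ == "__main__":
    print("pod-level only:", violations(pod_only))
    print("pod + container:", violations(both))
```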